CVSS: 5.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Jun 2024 — Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script. • https://github.com/dabaizhizhu/123/issues/3 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

24 Jun 2024 — Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp parameter. • https://github.com/dabaizhizhu/123/issues/4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Jun 2024 — An authorization bypass allows remote attackers to achieve unauthenticated remote code execution. • https://www.axiros.com/2024/03/vulnerability-in-axusermanager • CWE-284: Improper Access Control •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Jun 2024 — Consequently, if an attacker can create a `config.yaml` file in a controllable path, this path can be appended to the `extensions` list and trigger the execution of `__init__.py` in the current directory, leading to remote code execution. • https://github.com/parisneo/lollms/commit/2d0c4e76be93195836ecd0948027e791b8a2626f • CWE-29: Path Traversal: '\..\filename' •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

22 Jun 2024 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://wpscan.com/vulnerability/d91217bc-9f8f-4971-885e-89edc45b2a4d • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

22 Jun 2024 — This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://wpscan.com/vulnerability/15f78aad-001c-4219-aa7e-46537e1357a2 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 8.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Jun 2024 — A Cross-site Scripting (XSS) vulnerability allows an untrusted note opened in safe mode to execute arbitrary code. • https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Jun 2024 — A Cross-site Scripting (XSS) vulnerability allows pasting untrusted data into the rich text editor to execute arbitrary code. ... As such, the `onload` attribute of pasted images can execute arbitrary code. • https://github.com/laurent22/joplin/security/advisories/GHSA-m59c-9rrj-c399 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Jun 2024 — A remote code execution (RCE) vulnerability in affected versions allows clicking on a link in a PDF in an untrusted note to execute arbitrary shell commands. Clicking links in PDFs allows for arbitrary code execution because Joplin desktop: 1. has not disabled top redirection for note viewer iframes, and 2. has node integration enabled. This is a remote code execution vulnerability that impacts anyone who attaches untrus... • https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

21 Jun 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/c440adfbe30257dde905adc1fce51131145f7245 • CWE-754: Improper Check for Unusual or Exceptional Conditions •